Block user after 6 login attempts

xexer49142 · December 5, 2019, 1:07pm

Is there a way to block a user during X hours after 6 failed login attempts?.

Also, it would be useful to index this event (User XXXX blocked).

Anthony · May 14, 2021, 4:09pm

@xexer49142 There is a section in config.yml file:

auth_failure_listeners:
      ip_rate_limiting:
        type: ip
        allowed_tries: 3
        time_window_seconds: 3600
        block_expiry_seconds: 600
        max_blocked_clients: 100000
        max_tracked_clients: 100000
      internal_authentication_backend_limiting:
        type: username
        authentication_backend: internal        
        allowed_tries: 3
        time_window_seconds: 3600
        block_expiry_seconds: 600
        max_blocked_clients: 100000
        max_tracked_clients: 100000

You can block per username or per IP.
Hope this helps

Topic		Replies	Views
Locking Accounts After Failed Attempts Security	1	393	August 26, 2021
Limit connection per user Opensearch Security	4	977	June 14, 2021
Block user/ip range globally via API Security	1	490	February 7, 2023
RESOLVED: Members in same AD group can't login Security	1	693	July 8, 2019
Cannot create index pattern in private tenant Security troubleshoot	16	952	May 3, 2023

Block user after 6 login attempts

Related Topics